diff --git a/chart/ms-compitem-crud/Chart.yaml b/chart/ms-compitem-crud/Chart.yaml index 225cf37..c5dd51a 100644 --- a/chart/ms-compitem-crud/Chart.yaml +++ b/chart/ms-compitem-crud/Chart.yaml @@ -2,5 +2,5 @@ description: Dependency Packages icon: https://ortelius.github.io/ortelius-charts/logo.png name: ms-compitem-crud type: application -version: 10.0.6 -appVersion: 10.0.6 +version: 10.0.7 +appVersion: 10.0.7 diff --git a/chart/ms-compitem-crud/values.yaml b/chart/ms-compitem-crud/values.yaml index e1dd2f8..0429ac4 100644 --- a/chart/ms-compitem-crud/values.yaml +++ b/chart/ms-compitem-crud/values.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: repository: quay.io/ortelius/ms-compitem-crud - tag: main-v10.0.6-gae844f - sha: sha256:1a41b49be933fa0da1dddb9b9690f68b578e8bc5ae7c59dbda5402974f845623 + tag: main-v10.0.7-ga4569a + sha: sha256:80e2c9c8d920500b9292fbc51263b7c26ba3a5cbf582c0dd8274b4ddadb78d46 pullPolicy: Always diff --git a/trivy-results.sarif b/trivy-results.sarif index d16b071..4068682 100644 --- a/trivy-results.sarif +++ b/trivy-results.sarif @@ -8,553 +8,11 @@ "fullName": "Trivy Vulnerability Scanner", "informationUri": "https://github.com/aquasecurity/trivy", "name": "Trivy", - "rules": [ - { - "id": "CVE-2010-4756", - "name": "OsPackageVulnerability", - "shortDescription": { - "text": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions" - }, - "fullDescription": { - "text": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://avd.aquasec.com/nvd/cve-2010-4756", - "help": { - "text": "Vulnerability CVE-2010-4756\nSeverity: LOW\nPackage: libc6\nFixed Version: \nLink: [CVE-2010-4756](https://avd.aquasec.com/nvd/cve-2010-4756)\nThe glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "markdown": "**Vulnerability CVE-2010-4756**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|LOW|libc6||[CVE-2010-4756](https://avd.aquasec.com/nvd/cve-2010-4756)|\n\nThe glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632." - }, - "properties": { - "precision": "very-high", - "security-severity": "2.0", - "tags": [ - "vulnerability", - "security", - "LOW" - ] - } - }, - { - "id": "CVE-2018-20796", - "name": "OsPackageVulnerability", - "shortDescription": { - "text": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c" - }, - "fullDescription": { - "text": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by \u0026#39;(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+\u0026#39; in grep." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://avd.aquasec.com/nvd/cve-2018-20796", - "help": { - "text": "Vulnerability CVE-2018-20796\nSeverity: LOW\nPackage: libc6\nFixed Version: \nLink: [CVE-2018-20796](https://avd.aquasec.com/nvd/cve-2018-20796)\nIn the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "markdown": "**Vulnerability CVE-2018-20796**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|LOW|libc6||[CVE-2018-20796](https://avd.aquasec.com/nvd/cve-2018-20796)|\n\nIn the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep." - }, - "properties": { - "precision": "very-high", - "security-severity": "2.0", - "tags": [ - "vulnerability", - "security", - "LOW" - ] - } - }, - { - "id": "CVE-2019-1010022", - "name": "OsPackageVulnerability", - "shortDescription": { - "text": "glibc: stack guard protection bypass" - }, - "fullDescription": { - "text": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \u0026#34;this is being treated as a non-security bug and no real threat.\u0026#34;" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://avd.aquasec.com/nvd/cve-2019-1010022", - "help": { - "text": "Vulnerability CVE-2019-1010022\nSeverity: LOW\nPackage: libc6\nFixed Version: \nLink: [CVE-2019-1010022](https://avd.aquasec.com/nvd/cve-2019-1010022)\n** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"", - "markdown": "**Vulnerability CVE-2019-1010022**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|LOW|libc6||[CVE-2019-1010022](https://avd.aquasec.com/nvd/cve-2019-1010022)|\n\n** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"" - }, - "properties": { - "precision": "very-high", - "security-severity": "2.0", - "tags": [ - "vulnerability", - "security", - "LOW" - ] - } - }, - { - "id": "CVE-2019-1010023", - "name": "OsPackageVulnerability", - "shortDescription": { - "text": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation" - }, - "fullDescription": { - "text": "** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \u0026#34;this is being treated as a non-security bug and no real threat.\u0026#34;" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://avd.aquasec.com/nvd/cve-2019-1010023", - "help": { - "text": "Vulnerability CVE-2019-1010023\nSeverity: LOW\nPackage: libc6\nFixed Version: \nLink: [CVE-2019-1010023](https://avd.aquasec.com/nvd/cve-2019-1010023)\n** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"", - "markdown": "**Vulnerability CVE-2019-1010023**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|LOW|libc6||[CVE-2019-1010023](https://avd.aquasec.com/nvd/cve-2019-1010023)|\n\n** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"" - }, - "properties": { - "precision": "very-high", - "security-severity": "2.0", - "tags": [ - "vulnerability", - "security", - "LOW" - ] - } - }, - { - "id": "CVE-2019-1010024", - "name": "OsPackageVulnerability", - "shortDescription": { - "text": "glibc: ASLR bypass using cache of thread stack and heap" - }, - "fullDescription": { - "text": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \u0026#34;this is being treated as a non-security bug and no real threat.\u0026#34;" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://avd.aquasec.com/nvd/cve-2019-1010024", - "help": { - "text": "Vulnerability CVE-2019-1010024\nSeverity: LOW\nPackage: libc6\nFixed Version: \nLink: [CVE-2019-1010024](https://avd.aquasec.com/nvd/cve-2019-1010024)\n** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"", - "markdown": "**Vulnerability CVE-2019-1010024**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|LOW|libc6||[CVE-2019-1010024](https://avd.aquasec.com/nvd/cve-2019-1010024)|\n\n** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\"" - }, - "properties": { - "precision": "very-high", - "security-severity": "2.0", - "tags": [ - "vulnerability", - "security", - "LOW" - ] - } - }, - { - "id": "CVE-2019-1010025", - "name": "OsPackageVulnerability", - "shortDescription": { - "text": "glibc: information disclosure of heap addresses of pthread_created thread" - }, - "fullDescription": { - "text": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor\u0026#39;s position is \u0026#34;ASLR bypass itself is not a vulnerability.\u0026#34;" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://avd.aquasec.com/nvd/cve-2019-1010025", - "help": { - "text": "Vulnerability CVE-2019-1010025\nSeverity: LOW\nPackage: libc6\nFixed Version: \nLink: [CVE-2019-1010025](https://avd.aquasec.com/nvd/cve-2019-1010025)\n** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", - "markdown": "**Vulnerability CVE-2019-1010025**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|LOW|libc6||[CVE-2019-1010025](https://avd.aquasec.com/nvd/cve-2019-1010025)|\n\n** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"" - }, - "properties": { - "precision": "very-high", - "security-severity": "2.0", - "tags": [ - "vulnerability", - "security", - "LOW" - ] - } - }, - { - "id": "CVE-2019-9192", - "name": "OsPackageVulnerability", - "shortDescription": { - "text": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c" - }, - "fullDescription": { - "text": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by \u0026#39;(|)(\\\\1\\\\1)*\u0026#39; in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://avd.aquasec.com/nvd/cve-2019-9192", - "help": { - "text": "Vulnerability CVE-2019-9192\nSeverity: LOW\nPackage: libc6\nFixed Version: \nLink: [CVE-2019-9192](https://avd.aquasec.com/nvd/cve-2019-9192)\n** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", - "markdown": "**Vulnerability CVE-2019-9192**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|LOW|libc6||[CVE-2019-9192](https://avd.aquasec.com/nvd/cve-2019-9192)|\n\n** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern." - }, - "properties": { - "precision": "very-high", - "security-severity": "2.0", - "tags": [ - "vulnerability", - "security", - "LOW" - ] - } - }, - { - "id": "CVE-2007-6755", - "name": "OsPackageVulnerability", - "shortDescription": { - "text": "Dual_EC_DRBG: weak pseudo random number generator" - }, - "fullDescription": { - "text": "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \u0026#34;skeleton key\u0026#34; values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE." - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://avd.aquasec.com/nvd/cve-2007-6755", - "help": { - "text": "Vulnerability CVE-2007-6755\nSeverity: LOW\nPackage: openssl\nFixed Version: \nLink: [CVE-2007-6755](https://avd.aquasec.com/nvd/cve-2007-6755)\nThe NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.", - "markdown": "**Vulnerability CVE-2007-6755**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|LOW|openssl||[CVE-2007-6755](https://avd.aquasec.com/nvd/cve-2007-6755)|\n\nThe NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE." - }, - "properties": { - "precision": "very-high", - "security-severity": "2.0", - "tags": [ - "vulnerability", - "security", - "LOW" - ] - } - }, - { - "id": "CVE-2010-0928", - "name": "OsPackageVulnerability", - "shortDescription": { - "text": "openssl: RSA authentication weakness" - }, - "fullDescription": { - "text": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \u0026#34;fault-based attack.\u0026#34;" - }, - "defaultConfiguration": { - "level": "note" - }, - "helpUri": "https://avd.aquasec.com/nvd/cve-2010-0928", - "help": { - "text": "Vulnerability CVE-2010-0928\nSeverity: LOW\nPackage: openssl\nFixed Version: \nLink: [CVE-2010-0928](https://avd.aquasec.com/nvd/cve-2010-0928)\nOpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\"", - "markdown": "**Vulnerability CVE-2010-0928**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|LOW|openssl||[CVE-2010-0928](https://avd.aquasec.com/nvd/cve-2010-0928)|\n\nOpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\"" - }, - "properties": { - "precision": "very-high", - "security-severity": "2.0", - "tags": [ - "vulnerability", - "security", - "LOW" - ] - } - } - ], + "rules": [], "version": "0.37.1" } }, - "results": [ - { - "ruleId": "CVE-2010-4756", - "ruleIndex": 0, - "level": "note", - "message": { - "text": "Package: libc6\nInstalled Version: 2.31-13+deb11u5\nVulnerability CVE-2010-4756\nSeverity: LOW\nFixed Version: \nLink: [CVE-2010-4756](https://avd.aquasec.com/nvd/cve-2010-4756)" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "ortelius/ms-compitem-crud", - "uriBaseId": "ROOTPATH" - }, - "region": { - "startLine": 1, - "startColumn": 1, - "endLine": 1, - "endColumn": 1 - } - }, - "message": { - "text": "ortelius/ms-compitem-crud: libc6@2.31-13+deb11u5" - } - } - ] - }, - { - "ruleId": "CVE-2018-20796", - "ruleIndex": 1, - "level": "note", - "message": { - "text": "Package: libc6\nInstalled Version: 2.31-13+deb11u5\nVulnerability CVE-2018-20796\nSeverity: LOW\nFixed Version: \nLink: [CVE-2018-20796](https://avd.aquasec.com/nvd/cve-2018-20796)" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "ortelius/ms-compitem-crud", - "uriBaseId": "ROOTPATH" - }, - "region": { - "startLine": 1, - "startColumn": 1, - "endLine": 1, - "endColumn": 1 - } - }, - "message": { - "text": "ortelius/ms-compitem-crud: libc6@2.31-13+deb11u5" - } - } - ] - }, - { - "ruleId": "CVE-2019-1010022", - "ruleIndex": 2, - "level": "note", - "message": { - "text": "Package: libc6\nInstalled Version: 2.31-13+deb11u5\nVulnerability CVE-2019-1010022\nSeverity: LOW\nFixed Version: \nLink: [CVE-2019-1010022](https://avd.aquasec.com/nvd/cve-2019-1010022)" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "ortelius/ms-compitem-crud", - "uriBaseId": "ROOTPATH" - }, - "region": { - "startLine": 1, - "startColumn": 1, - "endLine": 1, - "endColumn": 1 - } - }, - "message": { - "text": "ortelius/ms-compitem-crud: libc6@2.31-13+deb11u5" - } - } - ] - }, - { - "ruleId": "CVE-2019-1010023", - "ruleIndex": 3, - "level": "note", - "message": { - "text": "Package: libc6\nInstalled Version: 2.31-13+deb11u5\nVulnerability CVE-2019-1010023\nSeverity: LOW\nFixed Version: \nLink: [CVE-2019-1010023](https://avd.aquasec.com/nvd/cve-2019-1010023)" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "ortelius/ms-compitem-crud", - "uriBaseId": "ROOTPATH" - }, - "region": { - "startLine": 1, - "startColumn": 1, - "endLine": 1, - "endColumn": 1 - } - }, - "message": { - "text": "ortelius/ms-compitem-crud: libc6@2.31-13+deb11u5" - } - } - ] - }, - { - "ruleId": "CVE-2019-1010024", - "ruleIndex": 4, - "level": "note", - "message": { - "text": "Package: libc6\nInstalled Version: 2.31-13+deb11u5\nVulnerability CVE-2019-1010024\nSeverity: LOW\nFixed Version: \nLink: [CVE-2019-1010024](https://avd.aquasec.com/nvd/cve-2019-1010024)" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "ortelius/ms-compitem-crud", - "uriBaseId": "ROOTPATH" - }, - "region": { - "startLine": 1, - "startColumn": 1, - "endLine": 1, - "endColumn": 1 - } - }, - "message": { - "text": "ortelius/ms-compitem-crud: libc6@2.31-13+deb11u5" - } - } - ] - }, - { - "ruleId": "CVE-2019-1010025", - "ruleIndex": 5, - "level": "note", - "message": { - "text": "Package: libc6\nInstalled Version: 2.31-13+deb11u5\nVulnerability CVE-2019-1010025\nSeverity: LOW\nFixed Version: \nLink: [CVE-2019-1010025](https://avd.aquasec.com/nvd/cve-2019-1010025)" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "ortelius/ms-compitem-crud", - "uriBaseId": "ROOTPATH" - }, - "region": { - "startLine": 1, - "startColumn": 1, - "endLine": 1, - "endColumn": 1 - } - }, - "message": { - "text": "ortelius/ms-compitem-crud: libc6@2.31-13+deb11u5" - } - } - ] - }, - { - "ruleId": "CVE-2019-9192", - "ruleIndex": 6, - "level": "note", - "message": { - "text": "Package: libc6\nInstalled Version: 2.31-13+deb11u5\nVulnerability CVE-2019-9192\nSeverity: LOW\nFixed Version: \nLink: [CVE-2019-9192](https://avd.aquasec.com/nvd/cve-2019-9192)" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "ortelius/ms-compitem-crud", - "uriBaseId": "ROOTPATH" - }, - "region": { - "startLine": 1, - "startColumn": 1, - "endLine": 1, - "endColumn": 1 - } - }, - "message": { - "text": "ortelius/ms-compitem-crud: libc6@2.31-13+deb11u5" - } - } - ] - }, - { - "ruleId": "CVE-2007-6755", - "ruleIndex": 7, - "level": "note", - "message": { - "text": "Package: libssl1.1\nInstalled Version: 1.1.1n-0+deb11u4\nVulnerability CVE-2007-6755\nSeverity: LOW\nFixed Version: \nLink: [CVE-2007-6755](https://avd.aquasec.com/nvd/cve-2007-6755)" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "ortelius/ms-compitem-crud", - "uriBaseId": "ROOTPATH" - }, - "region": { - "startLine": 1, - "startColumn": 1, - "endLine": 1, - "endColumn": 1 - } - }, - "message": { - "text": "ortelius/ms-compitem-crud: libssl1.1@1.1.1n-0+deb11u4" - } - } - ] - }, - { - "ruleId": "CVE-2010-0928", - "ruleIndex": 8, - "level": "note", - "message": { - "text": "Package: libssl1.1\nInstalled Version: 1.1.1n-0+deb11u4\nVulnerability CVE-2010-0928\nSeverity: LOW\nFixed Version: \nLink: [CVE-2010-0928](https://avd.aquasec.com/nvd/cve-2010-0928)" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "ortelius/ms-compitem-crud", - "uriBaseId": "ROOTPATH" - }, - "region": { - "startLine": 1, - "startColumn": 1, - "endLine": 1, - "endColumn": 1 - } - }, - "message": { - "text": "ortelius/ms-compitem-crud: libssl1.1@1.1.1n-0+deb11u4" - } - } - ] - }, - { - "ruleId": "CVE-2007-6755", - "ruleIndex": 7, - "level": "note", - "message": { - "text": "Package: openssl\nInstalled Version: 1.1.1n-0+deb11u4\nVulnerability CVE-2007-6755\nSeverity: LOW\nFixed Version: \nLink: [CVE-2007-6755](https://avd.aquasec.com/nvd/cve-2007-6755)" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "ortelius/ms-compitem-crud", - "uriBaseId": "ROOTPATH" - }, - "region": { - "startLine": 1, - "startColumn": 1, - "endLine": 1, - "endColumn": 1 - } - }, - "message": { - "text": "ortelius/ms-compitem-crud: openssl@1.1.1n-0+deb11u4" - } - } - ] - }, - { - "ruleId": "CVE-2010-0928", - "ruleIndex": 8, - "level": "note", - "message": { - "text": "Package: openssl\nInstalled Version: 1.1.1n-0+deb11u4\nVulnerability CVE-2010-0928\nSeverity: LOW\nFixed Version: \nLink: [CVE-2010-0928](https://avd.aquasec.com/nvd/cve-2010-0928)" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "ortelius/ms-compitem-crud", - "uriBaseId": "ROOTPATH" - }, - "region": { - "startLine": 1, - "startColumn": 1, - "endLine": 1, - "endColumn": 1 - } - }, - "message": { - "text": "ortelius/ms-compitem-crud: openssl@1.1.1n-0+deb11u4" - } - } - ] - } - ], + "results": [], "columnKind": "utf16CodeUnits", "originalUriBaseIds": { "ROOTPATH": {