2022-09-10
Kubernetes CKS [19] --- Image Vulnerability Scanning (Trivy)
Contents
1. Introduction to image vulnerability scanning
2. Introduction to Trivy
3. Scanning images with Trivy
1. Introduction to image vulnerability scanning
2. Introduction to Trivy
3. Scanning images with Trivy
root@node1:~/cks/vul-scan# docker run ghcr.io/aquasecurity/trivy:latest image nginx:latest
2021-05-21T07:53:24.540Z INFO Need to update DB
2021-05-21T07:53:24.540Z INFO Downloading DB...
2021-05-21T07:53:44.550Z FATAL DB error: failed to download vulnerability DB: failed to download vulnerability DB: failed to list releases: Get "dial tcp: lookup api.github.com on 8.8.8.8:53: read udp 172.17.0.3:37595->8.8.8.8:53: i/o timeout

root@node1:~/cks/vul-scan# docker run --net=host ghcr.io/aquasecurity/trivy:latest image nginx:latest
2021-05-21T07:53:57.092Z INFO Need to update DB
2021-05-21T07:53:57.092Z INFO Downloading DB...
21.40 MiB / 21.40 MiB [----------------------------------------------------] 100.00% 5.67 MiB p/s 4s
2021-05-21T07:54:20.382Z INFO Detected OS: debian
2021-05-21T07:54:20.382Z INFO Detecting Debian vulnerabilities...
2021-05-21T07:54:20.437Z INFO Number of PL dependency files: 1

nginx:latest (debian 10.9)
==========================
Total: 164 (UNKNOWN: 0, LOW: 110, MEDIUM: 13, HIGH: 29, CRITICAL: 12)

+------------------+---------------------+----------+---------------------------+---------------+--------------------------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------------+---------------------+----------+---------------------------+---------------+--------------------------------------------------------------+
| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, |
| | | | | | all versions, do not correctly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
+------------------+---------------------+ +---------------------------+---------------+--------------------------------------------------------------+
| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not |
| | | | | | equal to its real UID the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | TEMP-0841856-B18BAF | | | | -->security-tracker.debian.org/tracker/TEMP-0841856-B18BAF |
+------------------+---------------------+ +---------------------------+---------------+--------------------------------------------------------------+
| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged |
| | | | | | session can escape to the |
| | | | | | parent session in chroot |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-18018 | | | | coreutils: race condition |
| | | | | | vulnerability in chown and chgrp |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 |
+------------------+---------------------+----------+---------------------------+---------------+--------------------------------------------------------------+
| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in cfgexpand.c |
| | | | | | and function.c leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
| | | | | | produces repeated output |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
+------------------+---------------------+----------+---------------------------+---------------+--------------------------------------------------------------+
| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification |
| | | | | | Forgeries with SHA-1 |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 |
+------------------+---------------------+ +---------------------------+---------------+--------------------------------------------------------------+
| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, |
| | | | | | all versions, do not correctly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
+------------------+---------------------+----------+---------------------------+---------------+--------------------------------------------------------------+
| libc-bin | CVE-2020-1751 | HIGH | 2.28-10 | | glibc: array overflow in |
| | | | | | backtrace functions for powerpc |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
| | | | | | function when expanding ~user |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
| | | | | | ISO-2022-JP-3 gconv module |
| | | | | | related to combining characters |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
+ +---------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
| | | | | | iconv when processing invalid |
| | | | | | multi-byte input sequences in... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-10029 | | | | glibc: stack corruption |
| | | | | | from crafted input in cosl, |
| | | | | | sinl, sincosl, and tanl... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
+ +---------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2010-4051 | LOW | | | CVE-2010-4052 glibc: De-recursivise |
| | | | | | regular expression engine |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4051 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 |
| | | | | | glibc: De-recursivise |
| | | | | | regular expression engine |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4052 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2010-4756 | | | | glibc: glob implementation |
| | | | | | can cause excessive CPU and |
| | | | | | memory consumption due to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
| | | | | | when invoked with the -c option |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
| | | | | | leads to code execution because of... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
| | | | | | cache of thread stack and heap |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
| | | | | | addresses of pthread_created thread |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
| | | | | | not ignored in setuid binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the |
| | | | | | ARMv7 memcpy function |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
+ +---------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
| | | | | | addgetnetgrentX function |
| | | | | | in netgroupcache.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |

# Match the critical packages
root@node1:~/cks/vul-scan# docker run --net=host ghcr.io/aquasecurity/trivy:latest image nginx:latest |grep CRITICAL
21.40 MiB / 21.40 MiB [----------------------------------------------------] 100.00% 6.16 MiB p/s 4s
Total: 164 (UNKNOWN: 0, LOW: 110, MEDIUM: 13, HIGH: 29, CRITICAL: 12)
| libgnutls30 | CVE-2021-20231 | CRITICAL | 3.6.7-4+deb10u6 | | gnutls: Use after free in |
| libwebp6 | CVE-2018-25009 | CRITICAL | 0.6.1-2 | | libwebp: out-of-bounds read

# Try a different image version
root@node1:~/cks/vul-scan# docker run --net=host ghcr.io/aquasecurity/trivy:latest image nginx:1.16-alpine
2021-05-21T07:59:24.605Z INFO Need to update DB
2021-05-21T07:59:24.605Z INFO Downloading DB...
21.40 MiB / 21.40 MiB [----------------------------------------------------] 100.00% 3.54 MiB p/s 6s
2021-05-21T08:00:41.674Z INFO Detected OS: alpine
2021-05-21T08:00:41.674Z INFO Detecting Alpine vulnerabilities...
2021-05-21T08:00:41.680Z INFO Number of PL dependency files: 0
2021-05-21T08:00:41.680Z WARN This OS version is no longer supported by the distribution: alpine 3.10.4
2021-05-21T08:00:41.680Z WARN The vulnerability detection may be insufficient because security updates are not provided

nginx:1.16-alpine (alpine 3.10.4)
=================================
Total: 26 (UNKNOWN: 0, LOW: 2, MEDIUM: 13, HIGH: 11, CRITICAL: 0)

+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
| apk-tools | CVE-2021-30139 | HIGH | 2.10.4-r2 | 2.10.6-r0 | In Alpine Linux apk-tools |
| | | | | | before 2.12.5, the tarball |
| | | | | | parser allows a buffer... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-30139 |
+---------------+------------------+ +-------------------+---------------+---------------------------------------+
| busybox | CVE-2021-28831 | | 1.30.1-r3 | 1.30.1-r5 | busybox: invalid free or segmentation |
| | | | | | fault via malformed gzip data |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-28831 |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
| freetype | CVE-2020-15999 | MEDIUM | 2.10.0-r0 | 2.10.0-r1 | freetype: Heap-based buffer |
| | | | | | overflow due to integer |
| | | | | | truncation in Load_SBit_Png |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-15999 |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libcrypto1.1 | CVE-2020-1967 | HIGH | 1.1.1d-r2 | 1.1.1g-r0 | openssl: Segmentation |
| | | | | | fault in SSL_check_chain |
| | | | | | causes denial of service |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1967 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2021-23840 | | | 1.1.1j-r0 | openssl: integer |
| | | | | | overflow in CipherUpdate |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-23840 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2021-3450 | | | 1.1.1k-r0 | openssl: CA certificate check |
| | | | | | bypass with X509_V_FLAG_X509_STRICT |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3450 |
+ +------------------+----------+ +---------------+---------------------------------------+
| | CVE-2020-1971 | MEDIUM | | 1.1.1i-r0 | openssl: EDIPARTYNAME |
| | | | | | NULL pointer de-reference |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1971 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2021-23841 | | | 1.1.1j-r0 | openssl: NULL pointer dereference |
| | | | | | in X509_issuer_and_serial_hash() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-23841 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2021-3449 | | | 1.1.1k-r0 | openssl: NULL pointer dereference |
| | | | | | in signature_algorithms processing |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3449 |
+ +------------------+----------+ +---------------+---------------------------------------+
| | CVE-2021-23839 | LOW | | 1.1.1j-r0 | openssl: incorrect SSLv2 |
| | | | | | rollback protection |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-23839 |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libgd | CVE-2018-14553 | HIGH | 2.2.5-r2 | 2.2.5-r3 | gd: NULL pointer |
| | | | | | dereference in gdImageClone |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-14553 |
+ +------------------+----------+ + +---------------------------------------+
| | CVE-2019-11038 | MEDIUM | | | gd: Information disclosure |
| | | | | | in gdImageCreateFromXbm() |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-11038 |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libjpeg-turbo | CVE-2020-13790 | HIGH | 2.0.4-r0 | 2.0.4-r1 | libjpeg-turbo: heap-based buffer |
| | | | | | over-read in get_rgb_row() in rdppm.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13790 |
+---------------+------------------+ +-------------------+---------------+---------------------------------------+
| libssl1.1 | CVE-2020-1967 | | 1.1.1d-r2 | 1.1.1g-r0 | openssl: Segmentation |
| | | | | | fault in SSL_check_chain |
| | | | | | causes denial of service |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1967 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2021-23840 | | | 1.1.1j-r0 | openssl: integer |
| | | | | | overflow in CipherUpdate |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-23840 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2021-3450 | | | 1.1.1k-r0 | openssl: CA certificate check |
| | | | | | bypass with X509_V_FLAG_X509_STRICT |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3450 |
+ +------------------+----------+ +---------------+---------------------------------------+
| | CVE-2020-1971 | MEDIUM | | 1.1.1i-r0 | openssl: EDIPARTYNAME |
| | | | | | NULL pointer de-reference |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1971 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2021-23841 | | | 1.1.1j-r0 | openssl: NULL pointer dereference |
| | | | | | in X509_issuer_and_serial_hash() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-23841 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2021-3449 | | | 1.1.1k-r0 | openssl: NULL pointer dereference |
| | | | | | in signature_algorithms processing |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3449 |
+ +------------------+----------+ +---------------+---------------------------------------+
| | CVE-2021-23839 | LOW | | 1.1.1j-r0 | openssl: incorrect SSLv2 |
| | | | | | rollback protection |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-23839 |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
| libxml2 | CVE-2020-24977 | MEDIUM | 2.9.9-r3 | 2.9.9-r4 | libxml2: Buffer overflow |
| | | | | | vulnerability in |
| | | | | | xmlEncodeEntitiesInternal() |
| | | | | | in entities.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-24977 |
+---------------+------------------+ +-------------------+---------------+---------------------------------------+
| musl | CVE-2020-28928 | | 1.1.22-r3 | 1.1.22-r4 | In musl libc through 1.2.1, |
| | | | | | wcsnrtombs mishandles particular |
| | | | | | combinations of destination buffer... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-28928 |
+---------------+ + + + + +
| musl-utils | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+---------------+------------------+ +-------------------+---------------+---------------------------------------+
| nginx | CVE-2019-20372 | | 1.16.1-r1 | 1.16.1-r2 | nginx: HTTP request smuggling |
| | | | | | in configurations with URL |
| | | | | | redirect used as error_page... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20372 |
+---------------+------------------+ +-------------------+---------------+---------------------------------------+
| pcre | CVE-2020-14155 | | 8.43-r0 | 8.43-r1 | pcre: integer overflow in libpcre |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
| ssl_client | CVE-2021-28831 | HIGH | 1.30.1-r3 | 1.30.1-r5 | busybox: invalid free or segmentation |
| | | | | | fault via malformed gzip data |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-28831 |
+---------------+------------------+----------+-------------------+---------------+---------------------------------------+
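The `grep CRITICAL` run above prints only two rows although the Total line reports CRITICAL: 12, because the table merges repeated LIBRARY, VULNERABILITY ID and SEVERITY cells into blanks. The following is an added example, not part of the original post: it expands those merged cells before filtering. The function names and the abridged sample table (rows taken from the nginx:1.16-alpine scan) are constructed for illustration.

```shell
#!/bin/sh
# Added example: expand merged cells in a Trivy table so that severity
# filtering sees every finding. Function names are hypothetical.

# Constructed sample: rows abridged from the nginx:1.16-alpine scan above.
sample_table() {
cat <<'EOF'
+--------------+------------------+----------+-------------------+---------------+-----------------------------+
| LIBRARY      | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE                       |
+--------------+------------------+----------+-------------------+---------------+-----------------------------+
| apk-tools    | CVE-2021-30139   | HIGH     | 2.10.4-r2         | 2.10.6-r0     | In Alpine Linux apk-tools   |
|              |                  |          |                   |               | before 2.12.5, the tarball  |
+--------------+------------------+          +-------------------+---------------+-----------------------------+
| busybox      | CVE-2021-28831   |          | 1.30.1-r3         | 1.30.1-r5     | busybox: invalid free or    |
+--------------+------------------+----------+-------------------+---------------+-----------------------------+
| freetype     | CVE-2020-15999   | MEDIUM   | 2.10.0-r0         | 2.10.0-r1     | freetype: Heap-based buffer |
+--------------+------------------+----------+-------------------+---------------+-----------------------------+
| libcrypto1.1 | CVE-2020-1967    | HIGH     | 1.1.1d-r2         | 1.1.1g-r0     | openssl: Segmentation       |
+              +------------------+          +                   +---------------+-----------------------------+
|              | CVE-2021-23840   |          |                   | 1.1.1j-r0     | openssl: integer            |
+              +------------------+----------+                   +---------------+-----------------------------+
|              | CVE-2020-1971    | MEDIUM   |                   | 1.1.1i-r0     | openssl: EDIPARTYNAME       |
+--------------+------------------+          +-------------------+---------------+-----------------------------+
| musl         | CVE-2020-28928   |          | 1.1.22-r3         | 1.1.22-r4     | In musl libc through 1.2.1, |
+--------------+                  +          +                   +               +                             +
| musl-utils   |                  |          |                   |               |                             |
|              |                  |          |                   |               |                             |
+--------------+------------------+----------+-------------------+---------------+-----------------------------+
EOF
}

# expand_findings: read a Trivy table on stdin, print "LIBRARY ID SEVERITY"
# once per finding. These three columns are never empty in a real finding,
# so a blank cell always means "same as the row above".
expand_findings() {
  awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^\|/ {
      lib = trim($2); id = trim($3); sev = trim($4)
      if (lib == "LIBRARY") next        # header row
      if (lib == "" && id == "") next   # wrapped TITLE continuation line
      if (lib != "") cur_lib = lib      # carry merged cells forward
      if (id  != "") cur_id  = id
      if (sev != "") cur_sev = sev
      print cur_lib, cur_id, cur_sev
    }'
}

# count_severity SEVERITY: number of findings with that severity (table on stdin).
count_severity() {
  expand_findings | awk -v want="$1" '$3 == want { n++ } END { print n + 0 }'
}

echo "grep -c HIGH: $(sample_table | grep -c HIGH)  expanded: $(sample_table | count_severity HIGH)"
```

Applied to the full nginx:1.16-alpine table, the same rule yields 11 HIGH findings, matching its Total line. Trivy's own `--severity` filter and `--format json` output avoid parsing the table at all.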